Friday, September 9, 2011

How to Help Prevent Drive-By Viruses Using ActiveX Filtering in IE9

Anybody who has been around the internet for a while knows about ActiveX controls and their historical security problems. Here’s how to use ActiveX filtering in IE9 to prevent being hijacked by a virus while browsing.

What Is An ActiveX Control?

ActiveX is a standard dreamed up by Microsoft so that you can make use of the same code across multiple programs without “re-inventing the wheel” as developers like to call it. ActiveX Controls are an extension on Microsoft’s COM (Component Object Model), which allows for programs to interoperate with each other, so an ActiveX Control that is programmed in C# can talk to other ActiveX Controls that are programmed in C++.
How is this used in practice? For instance, Internet Explorer in its default installation state cannot play flash videos, but with an ActiveX control from Adobe, it can. As you can see ActiveX controls add more functionality to programs.

So What Is Wrong With That?

You might by now be thinking that ActiveX Controls are really helpful, and they are. The problem is that third-party plugins often contain security risks. In Internet Explorer, ActiveX controls can be downloaded and executed in the background and pose a risk of you being infected, via drive-by attack where you go to a website that exploits a security hole.

How Can I Protect Myself From This?

Internet Explorer 9 brought along a feature called ActiveX Filtering, that allows a whitelist style protection scheme. When enabled NO ActiveX Controls are allowed to run, then when you go to a site that requires ActiveX Controls, if you trust the site you can add them to the whitelist. Only websites on the list will be able to run ActiveX Controls.
By default ActiveX Control filtering is disabled in Internet Explorer 9, thus allowing any web page with an ActiveX Control to execute it. To enable ActiveX Filtering go to Tools Menu>Safety and then select the ActiveX Filtering Option.
Now when you go to a website that tries to run an ActiveX Control it won’t be allowed to as you can see below:
To add website to the whitelist click on the Filtered button, that is the little blue circle, and click on the Turn off ActiveX Filtering button. This will add the website to the whitelist so that it can run ActiveX Controls.
You will now be able to do stuff that requires ActiveX Controls on that website.